Single Sign-On (SSO) Setup Guide

Requirements:

  • One Designmodo account to complete the SSO setup
  • Postcards Pro, Slides Pro or Startup Agency subscription
  • Access to manage DNS records for the email domain used by your users
  • An active Okta, Microsoft Entra or OneLogin account with permission to create applications

Jump to the Desired Platform

You can jump directly to the setup instructions of the used platform below:

Overview

Single Sign-On (SSO) allows your team to access Designmodo using your company’s existing identity provider, such as Okta or Microsoft Entra, instead of creating separate passwords. Only one Designmodo account needs to complete the SSO setup.

Once enabled, all other users can sign in through the SSO sign-in page: https://designmodo.com/my-account/sso-sign-in/

With SSO enabled:

  • Users authenticate through your company’s login system
  • Each user has their own Designmodo account
  • Passwords and access policies are managed centrally by your identity provider

SSO improves security, simplifies onboarding and offboarding, and eliminates shared credentials.

How SSO Works in Designmodo

Designmodo acts as a Service Provider (SP) and relies on your identity provider (IdP) to authenticate users. Here’s what that means in practice:

  • Users sign in through Okta or Microsoft Entra
  • The identity provider confirms the user’s identity
  • Designmodo creates or matches an individual user account based on that identity
  • No passwords are stored or managed in Designmodo

Users do not share a single Designmodo account and each user is identified individually using a unique identifier (NameID). Access can be revoked centrally by disabling the user in the identity provider.

SSO Setup Process

The SSO setup process follows this order:

  1. Create and configure the SSO application in your identity provider (Okta, Microsoft Entra or OneLogin)
  2. Enter the SSO settings in Designmodo
  3. Verify your domain by adding a TXT record to your DNS
  4. Assign users in the identity provider
  5. Test the SSO login

We’ll start by walking through how to set up Okta.

Okta SSO Setup

This section explains how to configure Single Sign-On using Okta as your identity provider.

Step 1: Create and Configure the Okta Application

Start by creating an Okta account if you don’t already have one: https://developer.okta.com/signup/.

Once logged in to Okta, go to Applications in the left sidebar, then click Create App Integration to start setting up a new SSO app.

Select SAML 2.0 as the sign-in method and click Next to continue.

In the General Settings, enter a name for your app (for example, Designmodo SSO), then click Next.

In the Configure SAML section, copy the Single Sign-On URL and Audience URI (SP Entity ID) from the Designmodo SSO settings page:

Then paste them into their respective fields in Okta:

Set the Name ID format to Persistent, change Application username to Custom, and enter the following value in the field:

user.getInternalProperty("id")          

Important:

After users start signing in, the NameID format and NameID value must not be changed. Changing these values will cause authentication issues for existing users. If changes are required, disable SSO in Designmodo and set it up again.

Next, configure the Attribute Statements in Okta so Designmodo can receive basic user information.

In the Attribute Statements section, add the following mappings:

  • Name: email                      Value: user.email          
  • Name: first_name           Value: user.firstName          
  • Name: last_name             Value: user.lastName          

These attributes must match the values shown in Designmodo’s SSO settings exactly:

After adding all attributes, scroll down and click Next, then scroll to the bottom of the Feedback screen and click Finish to complete the app setup.

After completing the setup, you’ll be redirected to the Sign On tab. In the SAML 2.0 section, click More details, then copy the Sign-on URL, Issuer, and Signing Certificate.

Paste these values into the corresponding fields in Designmodo’s SSO settings and save changes.

After saving the changes, scroll down and add your domain in the Accepted Domains section.

Step 3: Verify Your Domain (TXT Record)

To complete the setup, you must verify ownership of the email domain used by your users.

Designmodo will provide a TXT record value. Add this record to your domain’s DNS settings. The DNS interface may look different depending on your provider (for example, Cloudflare, GoDaddy, or Google Domains).

  1. Open your domain’s DNS settings with your domain provider (for example, Cloudflare, GoDaddy, or Google Domains).

    Add a new DNS record and select TXT as the record type.

    In the Name / Host field, set the record to the root domain.

    Depending on your DNS provider, this may be shown as:

    • @         
    • your full domain name (for example, company.com         )
    • or it may be filled in automatically
  2. In the Value / Content field, paste the TXT record value provided by Designmodo in the SSO settings page:

  1. Leave the TTL set to its default value, then save the record.
  2. After adding the TXT record, click Verify or wait for automatic verification. Designmodo checks for the record every 10 minutes during the first 24 hours, and every 15 minutes during the next 24 hours, so the domain may be verified automatically.

Once verification completes, your domain will be marked as verified and can be used for SSO.

Important note:

  • Each email domain must be verified separately. For example, users with email addresses ending in @companybrand.com          require that domain to be verified.

Step 4: Assign Users and Test Login

Assign Users in Okta

Once the application is configured, you need to assign users to it in Okta.

In the Okta Admin Dashboard, open Applications and select the SSO application you created for Designmodo.

Go to the Assignments tab. Click Assign, then choose Assign to People.

You’ll see a list of users available in your Okta organization. Click Assign next to each user you want to grant access.

Confirm the assignment and click Save and Go Back.

Once a user is assigned, they can sign in using the SSO sign-in page:

https://designmodo.com/my-account/sso-sign-in/

Assigned users will also appear in Designmodo under SSO settings, below the domain section, in the Connected accounts list.

Microsoft Entra SSO Setup

Before you begin, note that only one SSO provider can be active at a time. If you are switching from Okta to Microsoft Entra, make sure to click Disable SSO first in Designmodo:

https://designmodo.com/my-account/sso/

Previously verified domains can be reused, and do not need to be verified again.

Step 1: Create and Configure the Application in Microsoft Entra

Start by creating or accessing a Microsoft Entra account:

https://www.microsoft.com/en-us/security/business/microsoft-entra

Login and head over to the Microsoft Entra admin center. Once there, open "Enterprise applications" from the left-hand menu and click New application to create a new app.

Click Create your own application. In the panel that appears on the right, enter an application name, select "Integrate any other application you don’t find in the gallery", and click Create.


After the application is created, you’ll land on the app Overview page. Go to Single sign-on in the left menu and choose SAML as the sign-in method.

You’ll now be taken to the SAML-based Sign-on settings page. In the Basic SAML Configuration section, click Edit.

In the Basic SAML Configuration panel, click Add identifier and Add reply URL. Open Designmodo’s SSO settings, copy the Entity ID / Identifier and Single Sign-On URL:

And paste them into the matching fields in Microsoft Entra and click Save in the top-left:

After clicking save, close the Basic SAML Configuration panel and scroll down to the Attributes & Claims section and click Edit and Open Unique User Identifier (Name ID),

Once inside the Manage claim settings set the Name identifier format to Persistent and the Source attribute to "user.objectid". Click Save to apply the changes.

Next, return to the Attributes & Claims section. Here, you’ll update the claim names so they match the attribute mappings required by Designmodo. Designmodo expects the following attribute names:

email

Update each claim as follows:

    1. Click the claim with the value user.mail (the default name is usually emailaddress       ).
      • Change the Name to email      
      • Remove the Namespace value and click Save.
    2. Click the claim with the value user.givenname.
      • Change the Name to first_name      
      • Remove the Namespace value, click Save
    3. Click the claim with the value user.surname.
      • Change the Name to last_name       
      • Remove the Namespace value, click Save


Once saved, the attribute mappings in Microsoft Entra will match the values shown in Designmodo’s SSO settings. The Additional claims section should look like this:

These values uniquely identify users in Designmodo and must not be changed after users start signing in. If changes are required later, disable SSO in Designmodo and complete the setup again.

Next, return to the SAML-based Sign-on page and scroll down to the Set up D section (fourth step). Here you’ll find the Login URL, Microsoft Entra Identifier, and Logout URL. Copy the Login URL and the Microsoft Entra Identifier:

Then paste each value into the corresponding fields in Designmodo’s SSO settings page.

Just above the Set up section, locate SAML Certificates. Download the Certificate (Base64) file and save it to your computer.

Open the file using a text editor such as Notepad, copy the entire contents of the certificate:

Then paste it into the Signing Certificate (PEM format) field in Designmodo’s SSO settings page and finally, click Save Changes:

Step 3: Verify Your Domain (TXT Record)

Verify your domain using the same process described in the Okta setup. Please keep in mind that each email domain must be verified separately and that the DNS interface may vary depending on your domain provider (for example, Cloudflare or GoDaddy), but the steps remain the same.

Step 4: Assign Users and Test Login

Once the application and domain are set up, we must assign users to the application in Microsoft Entra.

In the Microsoft Entra admin center, open Enterprise applications, then select your application. In the left-hand menu, under the Manage section, click Users and groups.

Click Add user/group:

Then on the Add Assignment page, click under Users and groups and select the users you want to assign to the application.

Finally, click Assign on the bottom left.

Make sure the test user:

  • Is assigned to the application
  • Has an email address set in their contact settings

Assigned users can sign in using the SSO sign-in page:

https://designmodo.com/my-account/sso-sign-in/

After a successful login, users will appear in Designmodo’s SSO settings under Connected accounts.

OneLogin SSO Setup

To get started, create a OneLogin account:

https://www.onelogin.com/free-trial

Step 1: Create the Application in OneLogin

After signing in to the OneLogin admin dashboard, open Applications from the top navigation, once redirected, click Add App on the top right.

Search for "SAML Custom Connector (Advanced)" and select it.

Enter a name for the application (for example, Designmodo SSO) and save your changes in the top-right. Once the app is created, you’ll be taken to the application configuration screen.

Step 2: Configure SAML Settings

Open the Configuration tab of the application.

From Designmodo’s SSO settings page, copy the required SAML values and paste them into the corresponding fields in OneLogin.

Copy the Entity ID from Designmodo and paste it into the Audience (Entity ID) field.

Next, copy the Single Sign-On URL and paste it into the ACS (Consumer) URL Validator and ACS (Consumer) URL fields in OneLogin.

Now scroll down to the SAML NameID Format setting, change it to Persistent, and save the configuration using the Save button in the top-right corner.


Step 3: Configure NameID and Attributes

Open the Parameters tab to configure user identifiers and attributes.  

Click the "NameID Value" row, then update the value by changing it from Email to OneLogin ID.

Now we must add the following parameters so they match Designmodo’s expected attributes:

  • email        → user email
  • first_name        → user first name
  • last_name        → user last name

These attribute names must match exactly.

To add them:

  1. Click the plus (+) icon on the right to add a new parameter.
    • In Field name, enter email       
    • Enable Include in SAML assertion

    • Click Save and next, in the Value field, select Email

    • Click Save again

Add another parameter.

    • In Field name, enter first_name       
    • Enable Include in SAML assertion
    • Select First name as the value
    • Click Save

Add the final parameter.

    • In Field name, enter last_name       
    • Enable Include in SAML assertion
    • Select Last name as the value
    • Click Save

After all parameters are added, click Save in the top-right corner of the page.

Your SAML Custom Connector configuration should now look like this:

Important:

The NameID format and value must not be changed after SSO is enabled. If changes are required later, disable SSO in Designmodo and complete the setup again.

Step 4: Copy OneLogin SSO Details to Designmodo

Open the SSO tab in OneLogin. We need to copy the following values:

  • X.509 Certificate
  • Issuer URL
  • SAML 2.0 Endpoint (HTTP)

Under Standard Strength Certificate, click View details:

Copy the full certificate content:

And paste it into the Signing Certificate field on Designmodo’s SSO settings page:

Return to the SSO tab in OneLogin, copy the Issuer URL and the SAML 2.0 Endpoint (HTTP) values:

In Designmodo’s SSO settings, paste the "SAML 2.0 Endpoint (HTTP)" into the SSO URL (Sign-On / Login URL) field, and paste the "Issuer URL" into the Entity ID / Issuer / Identifier field:


Step 5: Verify Your Domain

Verify your domain using the same process described in the Okta setup. Please keep in mind that each email domain must be verified separately and that the DNS interface may vary depending on your domain provider (for example, Cloudflare or GoDaddy), but the steps remain the same.

Step 6: Assign Users and Test Login

If you need to add users in OneLogin, start by opening the Users section from the top navigation bar.

Click New User and fill in the required user details and click Save User in the top-right corner.

Once the user is created, open that user’s profile and go to the Applications section in the left-hand panel. Click the plus (+) icon to assign the user to the Designmodo application you created earlier.

After users are assigned, they will appear under the Users section within the application’s settings. Assigned users can then sign in to Designmodo using the SSO sign-in page.

Once assigned, users can sign in using the SSO sign-in page:

https://designmodo.com/my-account/sso-sign-in/

After a successful login, assigned users will appear in Designmodo’s SSO settings under Connected accounts.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us